Short Name |
HTTP:INFO-LEAK:VIGNETTE-LEAK |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Vignette Story Server Sensitive Information Disclosure |
Release Date |
2003/06/18 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Vignette Story Server. Vignette Story Server versions 4.1 and 6 are vulnerable. Attackers can expose information about user sessions, server side code, and other sensitive information.
It has been reported that Vignette StoryServer, under some circumstances may reveal stack memory content. If a specially crafted request is made for a page that accepts user-supplied data an error state may be triggered. If the attack is successful a dump of the current stack contents will be returned to the attackers browser within an error message. The information gathered in this way may be used to mount further attacks against the system.